A large number of free Android VPN apps are found at high risk in the Google Play Store. In a study involving about 150 of the most popular free VPN Android apps, it was found that almost a quarter of the VPN apps leaked information about the Domain Name System (DNS) and did not protect users. These apps have more than 260 million combined facilities around the world. Major flaws In addition to DNS leakage, a study conducted by Simon Migliano, Head of Research at Top10VPN.com at Metric Labs, found that four VPN apps leaked WebRTC data. Two other applications leaked data from DNS, IP addresses, and WebRTC. ” While many of our Risk Index findings are straightforward in what they reveal about a particular app, such as the presence of DNS leaks or network anomalies, permission analysis and risky functions need to be placed in the right context as it gives us an illuminating insight into the free app category as a whole, “Migliano said in the study. These 150 apps have also been scanned on the VirusTotal website of Google and 27 of these apps have been found to be a potential source of malware. Two thirds of the apps tested included privacy bugs for the user. A large majority of apps (nearly 66 percent) requested intrusive user permission-classified by official Android developer documentation as dangerous. Twenty-five percent of applications requested permission to track location and 38 percent requested access to personal data. Few applications wanted to use the camera and the microphone of the device or send text messages. The only thing all applications did right was to set up encrypted VPN connections. Network testing showed, however, that more than half of the apps had performance problems such as loss of packets, low bandwidth and excessive buffering.
High security risk apps
HotSpotShield Free, SuperVPN, Hi VPN, HotSpotShield Basic, Psiphon Pro, Turbo VPN, VPN Master, Snap VPN, Hola, and Speed VPN are the top ten free VPN apps that have been slammed to be at high risk. Each of these apps has a download figure of 10 to 50 million. None of these were marked for malware, but they all had at least the main problems: risky permissions, risky functions and leakage of DNS.